Hi,
I have a log file that contains a field called Status.
i have two values: one null and the other OK.
by null i mean there are no value.
in mu logstash config file i used :
mutate {
gsub => [ "Status , " " , "Failed" ]
}
i need to replace all the null values by Failed
i don't know why it didn't work
Do this instead (see the if condition):
input {
generator {
message => '{"field1": "01", "field2": "", "Status": null}'
count => 1
}
}
filter {
json {
source => "message"
}
if ! [Status] {
mutate {
update => { "Status" => "Failed" }
}
}
}
output {
stdout {
codec => rubydebug
}
}
result
{
"sequence" => 0,
"@timestamp" => 2018-01-09T15:41:53.075Z,
"field1" => "01",
"field2" => "",
"Status" => "Failed",
"host" => "Elastics-MacBook-Pro.local",
"message" => "{\"field1\": \"01\", \"field2\": \"\", \"Status\": null}",
"@version" => "1"
}
i will try it thank you !
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.